Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Spectroplast GmbH

Flössergasse 2

81369 München Germany

Email: info@spectroplast.com

Website: www.spectroplast.com

2. Scope of This Policy

This Privacy Policy explains how Spectroplast GmbH collects, uses, stores, and protects personal data when you visit our website (spectroplast.com), use our on-demand manufacturing platform, upload files, place orders, or communicate with us. It applies to all users in the European Union and beyond, in accordance with the General Data Protection Regulation (GDPR).

3. Data We Collect and Why

3.1 Website Visit & Analytics

When you visit our website, we collect technical data to analyse usage and improve performance. We use:

1. Google Analytics 4 (GA4) — anonymised usage data, page views, session duration, device type. Data is processed by Google LLC under a Data Processing Agreement. IP anonymisation is enabled.
2. Plausible Analytics — a privacy-first analytics tool. No cookies are set. No personal data is transferred to third parties. Data is processed on EU-based infrastructure.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding website usage and improving our service. For GA4, consent is obtained via our cookie banner where required.

3.2 Contact Forms

Our contact forms are powered by Odoo. When you submit a form, we collect:

1. Name
2. Email address
3. Company name
4. Your message

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to respond to your enquiry or take pre-contractual steps.

3.3 File Upload & Online Shop (3YourMind)

Our 3D file upload and on-demand manufacturing store is powered by 3YourMind. When you upload a file and create an account, we collect:

1. Name and surname
2. Email address
3. Company name and address
4. Billing and shipping address
5. Uploaded 3D files and associated specifications
6. Order history and transaction data

This data is necessary to process your order, manufacture your parts, and fulfil our contractual obligations.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

3.4 CRM & Order Management (Odoo)

When you express interest in a product or service, or order a product or service, we will store the information you submit in a customer account in our CRM database which contains your master data (name, address, account etc.). All communications, correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the (prospective) business relationship will then be stored in, or linked to, this customer account.

We will store and process your data on the one hand to perform the respective contractual relationship with respect to the products and services I deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, in order to fulfill statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified below. Otherwise customer data will be deleted after expiry of one year.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract and Art. 6(1)(f) GDPR — legitimate interest.

3.5 Email Communication (Odoo / Resend)

Transactional emails (order confirmations, shipping notifications, account-related messages) are sent via Resend. Marketing emails and newsletters are managed via Odoo.

You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or contacting us at info@spectroplast.com.

Legal basis: Art. 6(1)(b) GDPR for transactional emails; Art. 6(1)(a) GDPR (consent) for marketing communications.

3.6 Internal Tools

We use the following tools internally to operate our business. These tools may process personal data (e.g., names, email addresses, project-related information) shared by or about our contacts:

1. Microsoft 365 — email, document storage, and collaboration
2. Notion — internal documentation and project management
3. Langdock — AI-assisted workflows for internal use

Data processed in these tools is subject to the respective providers' data processing agreements and is used solely for internal operational purposes.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in efficient business operations.

4. Cookies

Our website uses cookies. A cookie is a small text file stored on your device when you visit a website.

1. Functional cookies — necessary for the website and shop to operate correctly. These are set automatically.
2. Analytics cookies (GA4) — set only with your consent via our cookie banner.
3. Plausible Analytics — does not use cookies.

You can manage or withdraw your cookie consent at any time via our cookie settings or your browser settings.

5. Data Transfers Outside the EU

Some of our service providers are based outside the European Economic Area (EEA). Where personal data is transferred to third countries, we ensure appropriate safeguards are in place, including:

1. Standard Contractual Clauses (SCCs) approved by the European Commission
2. Adequacy decisions where applicable

Affected providers include Google LLC (GA4) and Microsoft 365. All transfers are governed by Data Processing Agreements.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:

1. Contact enquiries: up to 3 years after last contact
2. Order and customer data: 10 years (statutory accounting obligations under German law)
3. Analytics data: as configured in GA4 (maximum 14 months); Plausible data is retained indefinitely in aggregated, anonymised form
4. Newsletter subscribers: until unsubscribe or withdrawal of consent

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

1. Right of access (Art. 15 GDPR) — you may request a copy of the data we hold about you
2. Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate data
3. Right to erasure (Art. 17 GDPR) — you may request deletion of your data, subject to legal retention obligations
4. Right to restriction of processing (Art. 18 GDPR)
5. Right to data portability (Art. 20 GDPR)
6. Right to object (Art. 21 GDPR) — in particular to processing based on legitimate interest
7. Right to withdraw consent (Art. 7(3) GDPR) — without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at: info@spectroplast.com

You also have the right to lodge a complaint with your local data protection supervisory authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) or the relevant authority in your federal state.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website is served via HTTPS. Access to personal data within our systems is restricted on a need-to-know basis.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. The current version is always available at spectroplast.com/privacy. We recommend reviewing this page periodically.

10. Contact

For any questions about this Privacy Policy or your personal data, please contact:

Spectroplast GmbH Flössergasse 2 81369 München Germany Email: info@spectroplast.com